Merge branch 'prevent-sqlinjection' into 'develop'

Prevent sqlinjection

See merge request bluekay/shopping-list!12
This commit is contained in:
Tim Krehan 2019-05-23 12:43:48 +00:00
commit 5b41ed338c
78 changed files with 78603 additions and 2283 deletions

View file

@ -6,7 +6,7 @@
RewriteRule ^([a-zA-Z0-9-]+)$ ?site=$1 RewriteRule ^([a-zA-Z0-9-]+)$ ?site=$1
#alles, was versucht ein Script aufzurufen #alles, was versucht ein Script aufzurufen
RewriteRule /bin/(.+) /bin/$1 RewriteRule /js/(.+) /js/$1
#Error Seite #Error Seite
RewriteRule ^error/([a-zA-Z0-9-_]+)$ ?site=error&id=$1 RewriteRule ^error/([a-zA-Z0-9-_]+)$ ?site=error&id=$1

View file

@ -2,4 +2,5 @@
$CONFIG = array ( $CONFIG = array (
'installed' => false, 'installed' => false,
); );
?> ?>

View file

@ -1,6 +1,6 @@
<head> <head>
<link rel="stylesheet" href="/style/adduser.css"> <link rel="stylesheet" href="/style/adduser.css">
<script src="/bin/adduser.js" charset="utf-8"></script> <script src="/js/adduser.js" charset="utf-8"></script>
</head> </head>
<h1>Benutzer hinzufügen</h1> <h1>Benutzer hinzufügen</h1>
<div class="adduser"> <div class="adduser">

View file

@ -3,7 +3,7 @@
<head> <head>
<title>Installationsfehler</title> <title>Installationsfehler</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="/bin/error.js" charset="utf-8"></script> <script src="/js/error.js" charset="utf-8"></script>
</head> </head>
<body> <body>
<div class="container"> <div class="container">

View file

@ -1,4 +1,4 @@
<script src="/bin/list.js" charset="utf-8"></script> <script src="/js/list.js" charset="utf-8"></script>
<div class="container mt-5"> <div class="container mt-5">
<h1>Liste</h1> <h1>Liste</h1>
</div> </div>
@ -28,7 +28,7 @@
$checked = ""; $checked = "";
} }
print_r("<div class='$div_item_row_classes $div_item_row_color_classes'>"); print_r("<div class='list-row $div_item_row_classes $div_item_row_color_classes'>");
print_r("<div class='$div_item_checkbox_classes'><input type='checkbox' class='$input_item_checkbox_classes' data-color='$color_theme' data-id='$item->ID' $checked></div>"); print_r("<div class='$div_item_checkbox_classes'><input type='checkbox' class='$input_item_checkbox_classes' data-color='$color_theme' data-id='$item->ID' $checked></div>");
print_r("<div class='$div_item_quantity_classes'>$item->Anzahl $item->Einheit</div>"); print_r("<div class='$div_item_quantity_classes'>$item->Anzahl $item->Einheit</div>");
print_r("<div class='$div_item_name_classes'>$item->Name</div>"); print_r("<div class='$div_item_name_classes'>$item->Name</div>");

View file

@ -15,7 +15,7 @@
<input type="password" class="form-control" name="pass" id="pass" placeholder="**********" required="required"> <input type="password" class="form-control" name="pass" id="pass" placeholder="**********" required="required">
</div> </div>
<div class="form-group form-check"> <div class="form-group form-check">
<input type="checkbox" class="form-check-input" id="rememberme"> <input type="checkbox" class="form-check-input" id="rememberme" name="rememberme">
<label class="form-check-label" for="rememberme">Angemeldet bleiben</label> <label class="form-check-label" for="rememberme">Angemeldet bleiben</label>
</div> </div>
<button type="submit" class="btn btn-primary">Login</button> <button type="submit" class="btn btn-primary">Login</button>

View file

@ -2,7 +2,7 @@
if($_SERVER["REQUEST_URI"]!="/new-recipe"){ if($_SERVER["REQUEST_URI"]!="/new-recipe"){
$submitFunction = "update"; $submitFunction = "update";
$title = "Bearbeiten"; $title = "Bearbeiten";
$script = '<script src="/bin/edit-recipe.js" charset="utf-8"></script>'; $script = '<script src="/js/edit-recipe.js" charset="utf-8"></script>';
$additionalInput = "<input type='hidden' name='id' value=''>"; $additionalInput = "<input type='hidden' name='id' value=''>";
} }
else{ else{
@ -12,8 +12,8 @@
$additionalInput = ""; $additionalInput = "";
} }
?> ?>
<script src="/bin/manageRecipe.js" charset="utf-8"></script> <script src="/js/manageRecipe.js" charset="utf-8"></script>
<script src="/bin/autocomplete.js" charset="utf-8"></script> <script src="/js/autocomplete.js" charset="utf-8"></script>
<?php echo $script; ?> <?php echo $script; ?>
<div class="container mt-5"> <div class="container mt-5">
<h1><?php echo $title ?></h1> <h1><?php echo $title ?></h1>

View file

@ -1,16 +1,47 @@
<nav class="navbar navbar-inverse bg-secondary rounded-bottom pt-0 pb-0"> <nav class="navbar navbar-expand-sm navbar-dark bg-dark rounded-bottom fixed-top">
<div class="container-fluid"> <a class="navbar-brand" href="/">
<i class="fas fa-check-square w-auto"></i>
ShoppingList
</a>
<ul class="nav navbar-left"> <button class="navbar-toggler float-right" type="button" data-toggle="collapse" data-target="#navbarToggleResponsive" aria-controls="navbarToggleResponsive" aria-expanded="false" aria-label="Toggle navigation">
<a class="navbar-brand text-light font-weight-bold p-2" href="/"><i class="fas fa-check-square w-auto"></i></a> <i class="fas fa-bars"></i>
<a class="text-light font-weight-bold text-decoration-none p-2 ml-1" href="/list">Liste</a> </button>
<a class="text-light font-weight-bold text-decoration-none p-2 ml-1" href="/recipes">Rezepte</a>
</ul> <div class="collapse navbar-collapse">
<ul class="navbar-nav mr-auto">
<li class="nav-item <?php if(($site=="list")||($site=="-1")){print_r("active");} ?>">
<a class="nav-link" href="/list"><i class="fas fa-list"></i> Liste</a>
</li>
<li class="nav-item <?php if($site=="recipes"){print_r("active");} ?>">
<a class="nav-link" href="/recipes"><i class="fas fa-book"></i> Rezepte</a>
</li>
</ul>
<ul class="navbar-nav">
<li class="nav-item <?php if($site=="settings"){print_r("active");} ?>">
<a class="nav-link" href="/settings"><i class="fas fa-user-cog"></i></a>
</li>
<li class="nav-item">
<a class="nav-link" href="/php/logout.php"><i class="fas fa-sign-out-alt"></i></a>
</li>
</ul>
</div>
<ul class="nav navbar-right text-light">
<a class="fas fa-user-cog text-light text-decoration-none p-1" href="/settings"></a>
<a class="fas fa-sign-out-alt text-light text-decoration-none p-1" href="/php/logout.php" id='logout'></a>
</ul>
</div> <div class="collapse w-75 pl-2" id="navbarToggleResponsive">
</nav> <ul class="navbar-nav mr-auto">
<li class="nav-item <?php if($site=="list"){print_r("active");} ?>">
<a class="nav-link" href="/list"><i class="fas fa-list"></i> Liste</a>
</li>
<li class="nav-item <?php if($site=="recipes"){print_r("active");} ?>">
<a class="nav-link" href="/recipes"><i class="fas fa-book"></i> Rezepte</a>
</li>
<li class="nav-item <?php if($site=="settings"){print_r("active");} ?>">
<a class="nav-link" href="/settings"><i class="fas fa-user-cog"></i> Einstellungen</a>
</li>
<li class="nav-item">
<a class="nav-link" href="/php/logout.php"><i class="fas fa-sign-out-alt"></i> Logout</a>
</li>
</ul>
</div>
</nav>

View file

@ -1,13 +1,12 @@
<script src="/bin/recipe.js" charset="utf-8"></script> <script src="/js/recipe.js" charset="utf-8"></script>
<?php <?php
include $_SESSION["docroot"].'/php/classes.recipe.php'; include $_SESSION["docroot"].'/php/classes.recipe.php';
include $_SESSION["docroot"].'/php/classes.parsedown.php';
$book = new cookbook; $book = new cookbook;
$book->getRecipe($_GET["number"]); $book->getRecipe($_GET["number"]);
$recipe = $book->sites[0]; $recipe = $book->sites[0];
?> ?>
<div class="dropdown text-right mt-4"> <div class="dropdown text-right mt-5">
<button class="btn btn-primary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <button class="btn btn-primary dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Menü Menü
</button> </button>

View file

@ -1,5 +1,4 @@
<!-- <link rel="stylesheet" href="/style/recipes.css"> --> <script src="/js/search.js" charset="utf-8"></script>
<script src="/bin/search.js" charset="utf-8"></script>
<div class="container mt-5 mb-5"> <div class="container mt-5 mb-5">
<h1>Rezepte</h1> <h1>Rezepte</h1>

View file

@ -1,4 +1,4 @@
<script src="/bin/settings.js" charset="utf-8"></script> <script src="/js/settings.js" charset="utf-8"></script>
<div class="container mt-5"> <div class="container mt-5">
<h1>Einstellungen</h1> <h1>Einstellungen</h1>
</div> </div>
@ -112,11 +112,8 @@
<div class="toast fixed-bottom m-2" role="alert" id="toast-pw-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true"> <div class="toast fixed-bottom m-2" role="alert" id="toast-pw-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
<div class="toast-header"> <div class="toast-header">
<i class="close_toast fas fa-check-square w-auto mr-2"></i> <i class="fas fa-check-square w-auto mr-2"></i>
<strong class="mr-auto">ShoppingList</strong> <strong class="mr-auto">ShoppingList</strong>
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div> </div>
<div class="toast-body"> <div class="toast-body">
Passwort erfolgreich geändert! Passwort erfolgreich geändert!
@ -125,11 +122,8 @@
<div class="toast fixed-bottom m-2" role="alert" id="toast-list-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true"> <div class="toast fixed-bottom m-2" role="alert" id="toast-list-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
<div class="toast-header"> <div class="toast-header">
<i class="close_toast fas fa-check-square w-auto mr-2"></i> <i class="fas fa-check-square w-auto mr-2"></i>
<strong class="mr-auto">ShoppingList</strong> <strong class="mr-auto">ShoppingList</strong>
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div> </div>
<div class="toast-body"> <div class="toast-body">
Liste erfolgreich importiert! Liste erfolgreich importiert!
@ -138,24 +132,18 @@
<div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true"> <div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-success" aria-live="assertive" aria-atomic="true" data-delay="4000" data-animation="true">
<div class="toast-header"> <div class="toast-header">
<i class="close_toast fas fa-check-square w-auto mr-2"></i> <i class="fas fa-check-square w-auto mr-2"></i>
<strong class="mr-auto">ShoppingList</strong> <strong class="mr-auto">ShoppingList</strong>
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div> </div>
<div class="toast-body"> <div class="toast-body">
Rezepte erfolgreich importiert! Rezepte erfolgreich importiert!
</div> </div>
</div> </div>
<div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-warning" aria-live="assertive" aria-atomic="true" data-autohide="false" data-animation="true"> <div class="toast fixed-bottom m-2" role="alert" id="toast-recipe-import-warning" aria-live="assertive" aria-atomic="true" data-autohide="4000" data-animation="true">
<div class="toast-header"> <div class="toast-header">
<i class="close_toast fas fa-check-square w-auto mr-2"></i> <i class="close_toast fas fa-check-square w-auto mr-2"></i>
<strong class="mr-auto">ShoppingList</strong> <strong class="mr-auto">ShoppingList</strong>
<button type="button" class="ml-2 mb-1 close" data-dismiss="toast" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div> </div>
<div class="toast-body"> <div class="toast-body">
Nicht alle Rezepte konnten importiert werden! Fehlerhafte Rezepte wieder exportiert. Nicht alle Rezepte konnten importiert werden! Fehlerhafte Rezepte wieder exportiert.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -1,93 +0,0 @@
Copyright (c) 2010-2014 by tyPoland Lukasz Dziedzic (team@latofonts.com) with Reserved Font Name "Lato"
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

Binary file not shown.

View file

@ -1,93 +0,0 @@
Copyright (c) 2010-2011, Nathan Willis (nwillis@glyphography.com), with Reserved Font Name "News Cycle."
This Font Software is licensed under the SIL Open Font License, Version 1.1.
This license is copied below, and is also available with a FAQ at:
http://scripts.sil.org/OFL
-----------------------------------------------------------
SIL OPEN FONT LICENSE Version 1.1 - 26 February 2007
-----------------------------------------------------------
PREAMBLE
The goals of the Open Font License (OFL) are to stimulate worldwide
development of collaborative font projects, to support the font creation
efforts of academic and linguistic communities, and to provide a free and
open framework in which fonts may be shared and improved in partnership
with others.
The OFL allows the licensed fonts to be used, studied, modified and
redistributed freely as long as they are not sold by themselves. The
fonts, including any derivative works, can be bundled, embedded,
redistributed and/or sold with any software provided that any reserved
names are not used by derivative works. The fonts and derivatives,
however, cannot be released under any other type of license. The
requirement for fonts to remain under this license does not apply
to any document created using the fonts or their derivatives.
DEFINITIONS
"Font Software" refers to the set of files released by the Copyright
Holder(s) under this license and clearly marked as such. This may
include source files, build scripts and documentation.
"Reserved Font Name" refers to any names specified as such after the
copyright statement(s).
"Original Version" refers to the collection of Font Software components as
distributed by the Copyright Holder(s).
"Modified Version" refers to any derivative made by adding to, deleting,
or substituting -- in part or in whole -- any of the components of the
Original Version, by changing formats or by porting the Font Software to a
new environment.
"Author" refers to any designer, engineer, programmer, technical
writer or other person who contributed to the Font Software.
PERMISSION & CONDITIONS
Permission is hereby granted, free of charge, to any person obtaining
a copy of the Font Software, to use, study, copy, merge, embed, modify,
redistribute, and sell modified and unmodified copies of the Font
Software, subject to the following conditions:
1) Neither the Font Software nor any of its individual components,
in Original or Modified Versions, may be sold by itself.
2) Original or Modified Versions of the Font Software may be bundled,
redistributed and/or sold with any software, provided that each copy
contains the above copyright notice and this license. These can be
included either as stand-alone text files, human-readable headers or
in the appropriate machine-readable metadata fields within text or
binary files as long as those fields can be easily viewed by the user.
3) No Modified Version of the Font Software may use the Reserved Font
Name(s) unless explicit written permission is granted by the corresponding
Copyright Holder. This restriction only applies to the primary font name as
presented to the users.
4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
Software shall not be used to promote, endorse or advertise any
Modified Version, except to acknowledge the contribution(s) of the
Copyright Holder(s) and the Author(s) or with their explicit written
permission.
5) The Font Software, modified or unmodified, in part or in whole,
must be distributed entirely under this license, and must not be
distributed under any other license. The requirement for fonts to
remain under this license does not apply to any document created
using the Font Software.
TERMINATION
This license becomes null and void if any of the above conditions are
not met.
DISCLAIMER
THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
OTHER DEALINGS IN THE FONT SOFTWARE.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -45,9 +45,9 @@ $user->get_info($_COOKIE["token"]);
} }
?> ?>
<link rel="stylesheet" href="/style/helper.css"> <link rel="stylesheet" href="/style/helper.css">
<script src="/bin/jquery.js"></script> <script src="/js/jquery.js"></script>
<script src="/bin/main.js"></script> <script src="/js/main.js"></script>
<title>Einkaufsliste</title> <title>ShoppingList</title>
</head> </head>
<body> <body>
@ -55,7 +55,7 @@ $user->get_info($_COOKIE["token"]);
if ($site && ($site != "login")) { if ($site && ($site != "login")) {
include $_SESSION["docroot"] . '/cont/nav.php'; include $_SESSION["docroot"] . '/cont/nav.php';
} }
echo '<div id="content" class="container">'; echo '<div id="content" class="container pt-4">';
switch ($site) { switch ($site) {
case "login": case "login":
include $_SESSION["docroot"] . '/cont/login.php'; include $_SESSION["docroot"] . '/cont/login.php';
@ -100,7 +100,7 @@ $user->get_info($_COOKIE["token"]);
} }
echo "</div>"; echo "</div>";
?> ?>
<script src="bin/bootstrap.bundle.min.js"></script> <script src="js/bootstrap.bundle.min.js"></script>
</body> </body>
</html> </html>

View file

@ -39,7 +39,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/style/fontawesome/css/all.css"> <link rel="stylesheet" href="/style/fontawesome/css/all.css">
<link rel="stylesheet" href="/style/main.css"> <link rel="stylesheet" href="/style/main.css">
<script src="/bin/jquery.js"></script> <script src="/js/jquery.js"></script>
</head> </head>
<body> <body>

View file

@ -45,7 +45,6 @@ $CONFIG["host"] = $_POST['dbhost'];
$CONFIG["username"] = $_POST['username']; $CONFIG["username"] = $_POST['username'];
$CONFIG["passwd"] = $_POST['passwd']; $CONFIG["passwd"] = $_POST['passwd'];
$CONFIG["database"] = $_POST['database']; $CONFIG["database"] = $_POST['database'];
$CONFIG["theme"] = "default";
file_put_contents($_SESSION["docroot"].'/config/config.php', '<?php '."\r\n".'$CONFIG = '.var_export($CONFIG, true).";\n\r?>"); file_put_contents($_SESSION["docroot"].'/config/config.php', '<?php '."\r\n".'$CONFIG = '.var_export($CONFIG, true).";\n\r?>");

View file

@ -4,8 +4,8 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="/style/fontawesome/css/all.css"> <link rel="stylesheet" href="/style/fontawesome/css/all.css">
<link rel="stylesheet" href="/style/main.css"> <link rel="stylesheet" href="/style/main.css">
<script src="/bin/jquery.js"></script> <script src="/js/jquery.js"></script>
<script src="/bin/adduser.js" charset="utf-8"></script> <script src="/js/adduser.js" charset="utf-8"></script>
<title>Benutzer hinzufügen</title> <title>Benutzer hinzufügen</title>
</head> </head>
<body> <body>

View file

View file

@ -1,4 +1,5 @@
$(document).ready(function () { $(document).ready(function () {
highlightNewEntry();
$("input[type=checkbox]").change(checkItem); $("input[type=checkbox]").change(checkItem);
$("#remove").click(deleteCheckeditems); $("#remove").click(deleteCheckeditems);
$("#nameField").focus(); $("#nameField").focus();
@ -6,6 +7,25 @@ $(document).ready(function () {
$("#nameField").on("focus", function () { $(this).select(); }); $("#nameField").on("focus", function () { $(this).select(); });
}); });
function highlightNewEntry(){
var cookies = document.cookie;
var cookieRegExp = new RegExp(/;?\s+newItem=(\d+)/g);
var match = cookieRegExp.exec(cookies);
if(match!=null){
var newID = match[1];
var checkBox = $("[data-id=" + newID + "]");
var newRow = checkBox.parent().parent();
newRow.removeClass($(checkBox).data("color"));
newRow.addClass("alert-primary");
setTimeout(function () {
newRow.removeClass("alert-primary");
newRow.addClass($(checkBox).data("color"));
}, 1000);
document.cookie = "newItem=-1"
console.log(document.cookie);
}
}
function deleteCheckeditems() { function deleteCheckeditems() {
$.post({ $.post({
url: "api/list/del", url: "api/list/del",

View file

@ -13,7 +13,10 @@
$token = "-1"; $token = "-1";
} }
$result = $mysqli->query('SELECT * FROM `sessions` WHERE `session_id` = \''.$token.'\';'); $selectQuery = $mysqli->prepare('SELECT * FROM `sessions` WHERE `session_id` = ?;');
$selectQuery->bind_param("s", $token);
$selectQuery->execute();
$result = $selectQuery->get_result();
if(($result->num_rows) == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login")) if(($result->num_rows) == 0 && (!(in_array("site", array_keys($_GET))) || $_GET["site"]!="login"))
{ {

View file

@ -19,7 +19,7 @@
function shopping(){ function shopping(){
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("SELECT * FROM `ViewEinkauf` ORDER BY `ViewEinkauf`.`Name` ASC"); $result = $mysqli->query("SELECT * FROM `ViewEinkauf` ORDER BY `ViewEinkauf`.`Name` ASC;");
while($item = $result->fetch_assoc()){ while($item = $result->fetch_assoc()){
$this->addItem($item["ID"], $item["Anzahl"], $item["Einheit"], $item["Name"], $item["Erledigt"]); $this->addItem($item["ID"], $item["Anzahl"], $item["Einheit"], $item["Name"], $item["Erledigt"]);
} }
@ -30,15 +30,20 @@
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
if(!is_int($einheit)){ if(!is_int($einheit)){
$unit_query = "SELECT * FROM `Einheit` WHERE `Name` = \"$einheit\""; $selectQuery = $mysqli->prepare("SELECT * FROM `Einheit` WHERE `Name` = ?;");
$result = $mysqli->query($unit_query); $selectQuery->bind_param("s", $einheit);
$selectQuery->execute();
$result = $selectQuery->get_result();
while($row = $result->fetch_assoc()){ while($row = $result->fetch_assoc()){
$einheit = $row["ID"]; $einheit = $row["ID"];
} }
} }
$insertQuery = "INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (".$anzahl.", ".$einheit.", '".$name."', 0)"; $insertQuery = $mysqli->prepare("INSERT INTO `Einkauf` (`Anzahl`, `Einheit`, `Name`, `Erledigt`) VALUES (?, ?, ?, 0);");
$mysqli->query($insertQuery); $insertQuery->bind_param("sss", $anzahl, $einheit, $name);
$result = $insertQuery->execute();
$insertID = $mysqli->insert_id;
$mysqli->close(); $mysqli->close();
return $insertID;
} }
function newItems($itemList){ function newItems($itemList){
@ -50,14 +55,16 @@
function removeChecked(){ function removeChecked(){
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query("DELETE FROM `Einkauf` WHERE `Erledigt`=1"); $mysqli->query("DELETE FROM `Einkauf` WHERE `Erledigt`=1;");
$mysqli->close(); $mysqli->close();
} }
function check($id, $status){ function check($id, $status){
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = $id"); $updateQuery = $mysqli->prepare("UPDATE `Einkauf` SET `Erledigt` = $status WHERE `Einkauf`.`ID` = ?;");
$updateQuery->bind_param("s", $id);
$updateQuery->execute();
$mysqli->close(); $mysqli->close();
} }
@ -89,7 +96,7 @@
function units(){ function units(){
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("SELECT * FROM `Einheit`"); $result = $mysqli->query("SELECT * FROM `Einheit`;");
while($item = $result->fetch_assoc()){ while($item = $result->fetch_assoc()){
$this->addItem($item["ID"], $item["Name"], $item["Standard"]); $this->addItem($item["ID"], $item["Name"], $item["Standard"]);
} }

File diff suppressed because it is too large Load diff

View file

@ -14,7 +14,7 @@
} }
function unitList(){ function unitList(){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("SELECT * FROM `Einheit`"); $result = $mysqli->query("SELECT * FROM `Einheit`;");
while($item = $result->fetch_assoc()){ while($item = $result->fetch_assoc()){
$this->addItem($item["ID"], $item["Name"], $item["Standard"]); $this->addItem($item["ID"], $item["Name"], $item["Standard"]);
} }
@ -22,7 +22,10 @@
} }
function getID($Name){ function getID($Name){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("SELECT `ID` FROM `Einheit` WHERE `Name` = '$Name'"); $selectQuery = $mysqli->prepare("SELECT `ID` FROM `Einheit` WHERE `Name` = ?;");
$selectQuery->bind_param("s", "$Name");
$selectQuery->execute();
$result = $selectQuery->get_result();
$ID = $result->fetch_assoc(); $ID = $result->fetch_assoc();
return $ID["ID"]; return $ID["ID"];
} }
@ -57,16 +60,28 @@
public $sites = array(); public $sites = array();
function getRecipe($ID){ function getRecipe($ID){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$recipes = $mysqli->query("SELECT * FROM `Rezept` WHERE `ID` = $ID ORDER BY Name ASC"); $selectQuery = $mysqli->prepare("SELECT * FROM `Rezept` WHERE `ID` = ? ORDER BY Name ASC;");
$selectQuery->bind_param("s", $ID);
$selectQuery->execute();
$recipes = $selectQuery->get_result();
while($recipe = $recipes->fetch_assoc()){ while($recipe = $recipes->fetch_assoc()){
$current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]); $current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]);
$recepieIngredients = $mysqli->query("SELECT * FROM `RezeptZutat` WHERE `Rezept` = $RID"); $selectIngredientsQuery = $mysqli->prepare("SELECT * FROM `RezeptZutat` WHERE `Rezept` = ?;");
$selectIngredientsQuery->bind_param("s", $RID);
$selectIngredientsQuery->execute();
$recepieIngredients = $selectIngredientsQuery->get_result();
while($recepieIngredient = $recepieIngredients->fetch_assoc()){ while($recepieIngredient = $recepieIngredients->fetch_assoc()){
$IID = $recepieIngredient["Zutat"]; $IID = $recepieIngredient["Zutat"];
$IAmount = $recepieIngredient["Menge"]; $IAmount = $recepieIngredient["Menge"];
$units = $mysqli->query("SELECT `Name` FROM `Einheit` WHERE `ID` = ".$recepieIngredient["Einheit"]); $selectUnitQuery = $mysqli->prepare("SELECT `Name` FROM `Einheit` WHERE `ID` = ?;");
$selectUnitQuery->bind_param("s", $recepieIngredient["Einheit"]);
$selectUnitQuery->execute();
$units = $selectUnitQuery->get_result();
while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];} while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];}
$names = $mysqli->query("SELECT `Name` FROM `Zutat` WHERE `ID` = ".$recepieIngredient["Zutat"]); $selectNamesQuery = $mysqli->prepare("SELECT `Name` FROM `Zutat` WHERE `ID` = ?;");
$selectNamesQuery->bind_param("s", $recepieIngredient["Zutat"]);
$selectNamesQuery->execute();
$names = $selectNamesQuery->get_result();
while($name = $names->fetch_assoc()){$IName = $name["Name"];} while($name = $names->fetch_assoc()){$IName = $name["Name"];}
$current->addIngredient($IID, $IAmount, $IUnit, $IName); $current->addIngredient($IID, $IAmount, $IUnit, $IName);
} }
@ -80,13 +95,22 @@
$recipes = $mysqli->query("SELECT * FROM `Rezept` ORDER BY Name ASC"); $recipes = $mysqli->query("SELECT * FROM `Rezept` ORDER BY Name ASC");
while($recipe = $recipes->fetch_assoc()){ while($recipe = $recipes->fetch_assoc()){
$current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]); $current = new recipe($RID = $recipe["ID"], $RName = $recipe["Name"], $RDuration = $recipe["Dauer"], $RDescription = $recipe["Beschreibung"]);
$recepieIngredients = $mysqli->query("SELECT * FROM `RezeptZutat` WHERE `Rezept` = $RID"); $selectIngredientsQuery = $mysqli->prepare("SELECT * FROM `RezeptZutat` WHERE `Rezept` = ?;");
$selectIngredientsQuery->bind_param("s", $RID);
$selectIngredientsQuery->execute();
$recepieIngredients = $selectIngredientsQuery->get_result();
while($recepieIngredient = $recepieIngredients->fetch_assoc()){ while($recepieIngredient = $recepieIngredients->fetch_assoc()){
$IID = $recepieIngredient["Zutat"]; $IID = $recepieIngredient["Zutat"];
$IAmount = $recepieIngredient["Menge"]; $IAmount = $recepieIngredient["Menge"];
$units = $mysqli->query("SELECT `Name` FROM `Einheit` WHERE `ID` = ".$recepieIngredient["Einheit"]); $selectUnitQuery = $mysqli->prepare("SELECT `Name` FROM `Einheit` WHERE `ID` = ?;");
$selectUnitQuery->bind_param("s", $recepieIngredient["Einheit"]);
$selectUnitQuery->execute();
$units = $selectUnitQuery->get_result();
while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];} while($unit = $units->fetch_assoc()){$IUnit = $unit["Name"];}
$names = $mysqli->query("SELECT `Name` FROM `Zutat` WHERE `ID` = ".$recepieIngredient["Zutat"]); $selectNamesQuery = $mysqli->prepare("SELECT `Name` FROM `Zutat` WHERE `ID` = ?;");
$selectNamesQuery->bind_param("s", $recepieIngredient["Zutat"]);
$selectNamesQuery->execute();
$names = $selectNamesQuery->get_result();
while($name = $names->fetch_assoc()){$IName = $name["Name"];} while($name = $names->fetch_assoc()){$IName = $name["Name"];}
$current->addIngredient($IID, $IAmount, $IUnit, $IName); $current->addIngredient($IID, $IAmount, $IUnit, $IName);
} }
@ -103,7 +127,10 @@
$import = json_decode($_POST["content"]); $import = json_decode($_POST["content"]);
if($import->sites!=null){ if($import->sites!=null){
foreach ($import->sites as $site) { foreach ($import->sites as $site) {
$result = $mysqli->query("SELECT * FROM `Rezept` WHERE `Name`='$site->Name'"); $selectQuery = $mysqli->prepare("SELECT * FROM `Rezept` WHERE `Name`=?;");
$selectQuery->bind_param("s", $site->Name);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows>0){ if($result->num_rows>0){
array_push($failed_sites, $site); array_push($failed_sites, $site);
} }
@ -132,53 +159,83 @@
function newRecipe($Name, $Dauer, $Beschreibung, $Zutaten){ function newRecipe($Name, $Dauer, $Beschreibung, $Zutaten){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query("INSERT INTO `Rezept` (`Name`, `Dauer`, `Beschreibung`) VALUES ('$Name', '$Dauer', '$Beschreibung')"); $insertQuery = $mysqli->prepare("INSERT INTO `Rezept` (`Name`, `Dauer`, `Beschreibung`) VALUES (?, ?, ?);");
$insertQuery->bind_param("sss", $Name, $Dauer, $Beschreibung);
$insertQuery->execute();
$RezeptID = $mysqli->insert_id; $RezeptID = $mysqli->insert_id;
foreach ($Zutaten as $Zutat) { foreach ($Zutaten as $Zutat) {
$ZutatID = null; $ZutatID = null;
$result = $mysqli->query("SELECT ID FROM `Zutat` WHERE `Name` LIKE '".$Zutat["Name"]."'"); $selectIngredientsQuery = $mysqli->prepare("SELECT ID FROM `Zutat` WHERE `Name` LIKE ?;");
$selectIngredientsQuery->bind_param("s", $Zutat["Name"]);
$selectIngredientsQuery->execute();
$result = $selectIngredientsQuery->get_result();
if($result->num_rows>0){ if($result->num_rows>0){
$item = $result->fetch_assoc(); $item = $result->fetch_assoc();
$ZutatID = $item["ID"]; $ZutatID = $item["ID"];
} }
else{ else{
$mysqli->query("INSERT INTO `Zutat` (`Name`) VALUES ('".ucwords($Zutat["Name"])."')"); $UppercaseName = ucwords($Zutat["Name"]);
$insertIngredientsQuery = $mysqli->prepare("INSERT INTO `Zutat` (`Name`) VALUES (?);");
$insertIngredientsQuery->bind_param("s", $UppercaseName);
$insertIngredientsQuery->execute();
$ZutatID = $mysqli->insert_id; $ZutatID = $mysqli->insert_id;
} }
$mysqli->query("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES ('{$RezeptID}','{$Zutat["Amount"]}','{$Zutat["Unit"]}','{$ZutatID}');"); $inserRecipeQuery = $mysqli->prepare("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES (?,?,?,?);");
$inserRecipeQuery->bind_param("ssss", $RezeptID, $Zutat["Amount"], $Zutat["Unit"], $ZutatID);
$inserRecipeQuery->execute();
} }
$mysqli->close(); $mysqli->close();
} }
function updateRecipe($ID, $Name, $Dauer, $Beschreibung, $Zutaten){ function updateRecipe($ID, $Name, $Dauer, $Beschreibung, $Zutaten){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query("UPDATE `Rezept` SET `Name` = '$Name', `Dauer` = '$Dauer', `Beschreibung` = '$Beschreibung' WHERE `Rezept`.`ID` = $ID;"); $updateQuery = $mysqli->prepare("UPDATE `Rezept` SET `Name` = ?, `Dauer` = ?, `Beschreibung` = ? WHERE `Rezept`.`ID` = ?;");
$mysqli->query("DELETE FROM RezeptZutat WHERE Rezept = $ID"); $updateQuery->bind_param("ssss", $Name, $Dauer, $Beschreibung, $ID);
$updateQuery->execute();
$deleteQuery = $mysqli->prepare("DELETE FROM RezeptZutat WHERE Rezept = ?;");
$deleteQuery->bind_param("s", $ID);
$deleteQuery->execute();
foreach ($Zutaten as $Zutat) { foreach ($Zutaten as $Zutat) {
$ZutatID = null; $ZutatID = null;
$result = $mysqli->query("SELECT ID FROM `Zutat` WHERE `Name` LIKE '".$Zutat["Name"]."'"); $selectIngredientsQuery = $mysqli->prepare("SELECT ID FROM `Zutat` WHERE `Name` LIKE ?;");
$selectIngredientsQuery->bind_param("s", $Zutat["Name"]);
$selectIngredientsQuery->execute();
$result = $selectIngredientsQuery->get_result();
if($result->num_rows>0){ if($result->num_rows>0){
while($item = $result->fetch_assoc()){ $ZutatID = $item["ID"];} while($item = $result->fetch_assoc()){ $ZutatID = $item["ID"];}
} }
else{ else{
$mysqli->query("INSERT INTO `Zutat` (`Name`) VALUES ('".ucwords($Zutat["Name"])."')"); $uppercaseName = ucwords($Zutat["Name"]);
$insertIngredientsQuery = $mysqli->prepare("INSERT INTO `Zutat` (`Name`) VALUES (?);");
$insertIngredientsQuery->bind_param("s", $uppercaseName);
$insertIngredientsQuery->execute();
$ZutatID = $mysqli->insert_id; $ZutatID = $mysqli->insert_id;
} }
$mysqli->query("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES ('{$ID}','{$Zutat["Amount"]}','{$Zutat["Unit"]}','{$ZutatID}');"); $insertRecipeIngredientsQuery = $mysqli->prepare("INSERT INTO `RezeptZutat` (`Rezept`,`Menge`,`Einheit`,`Zutat`) VALUES (?,?,?,?);");
$insertRecipeIngredientsQuery->bind_param("ssss", $ID, $Zutat["Amount"], $Zutat["Unit"], $ZutatID);
$insertRecipeIngredientsQuery->execute();
} }
} }
function removeRecipe($ID){ function removeRecipe($ID){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query("DELETE FROM `RezeptZutat` WHERE `Rezept`=$ID"); $deleteQuery = $mysqli->prepare("DELETE FROM `RezeptZutat` WHERE `Rezept`=?;");
$mysqli->query("DELETE FROM Rezept WHERE ID=$ID"); $deleteQuery->bind_param("s", $ID);
$deleteQuery->execute();
$deleteQuery = $mysqli->prepare("DELETE FROM Rezept WHERE ID=?;");
$deleteQuery->bind_param("s", $ID);
$deleteQuery->execute();
$mysqli->close(); $mysqli->close();
} }
function getAllIngredientsContaining($q){ function getAllIngredientsContaining($q){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$values = array(); $values = array();
$result = $mysqli->query("SELECT Name FROM Zutat WHERE Name LIKE '%$q%' ORDER BY Name ASC"); $filterValue = "%$q%";
$selectQuery = $mysqli->prepare("SELECT Name FROM Zutat WHERE Name LIKE ? ORDER BY Name ASC");
$selectQuery->bind_param("s", $filterValue);
$selectQuery->execute();
$result = $selectQuery->get_result();
while($item = $result->fetch_assoc()){ while($item = $result->fetch_assoc()){
array_push($values, $item["Name"]); array_push($values, $item["Name"]);
} }

View file

@ -5,8 +5,10 @@
function get_info($session_id) { function get_info($session_id) {
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$query = "SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = \"$session_id\")"; $selectQuery = $mysqli->prepare("SELECT uid, username, email, theme, last_login, salt FROM `users` WHERE `uid` = (SELECT user FROM `sessions` WHERE `session_id` = ?);");
$result = $mysqli->query($query); $selectQuery->bind_param("s", $session_id);
$selectQuery->execute();
$result = $selectQuery->get_result();
$user = $result->fetch_assoc(); $user = $result->fetch_assoc();
$this->uid = $user["uid"]; $this->uid = $user["uid"];
$this->username = $user["username"]; $this->username = $user["username"];
@ -21,11 +23,15 @@
include $_SESSION["docroot"].'/php/hash.php'; include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$current_pwhash = hash_password($current, $this->salt); $current_pwhash = hash_password($current, $this->salt);
$query = "SELECT `uid` FROM `users` WHERE `uid` = $this->uid AND `password` = '$current_pwhash'"; $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `uid` = ? AND `password` = ?;");
$result = $mysqli->query($query); $selectQuery->bind_param("ss", $this->uid, $current_pwhash);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows===1){ if($result->num_rows===1){
$new_pwdhash = hash_password($new, $this->salt); $new_pwdhash = hash_password($new, $this->salt);
$mysqli->query("UPDATE `users` SET `password` = '$new_pwdhash' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `password` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $new_pwdhash, $this->uid);
$updateQuery->execute();
$mysqli->close(); $mysqli->close();
print_r("0"); print_r("0");
} }
@ -35,20 +41,25 @@
} }
function change_mail($mailaddress){ function change_mail($mailaddress){
include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$this->mail = $mailaddress; $this->mail = $mailaddress;
$result = $mysqli->query("UPDATE `users` SET `email` = '$mailaddress' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `email` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $mailaddress, $this->uid);
$updateQuery->execute();
$mysqli->close(); $mysqli->close();
} }
function change_username($newname){ function change_username($newname){
include $_SESSION["docroot"].'/php/hash.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$this->username = $newname; $this->username = $newname;
$result = $mysqli->query("SELECT * WHERE `username` = $this->username;"); $selectQuery = $mysqli->prepare("SELECT * FROM `users` WHERE `username` = ?;");
$selectQuery->bind_param("s", $this->username);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows==0){ if($result->num_rows==0){
$result = $mysqli->query("UPDATE `users` SET `username` = '$newname' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `username` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $newname, $this->uid);
$updateQuery->execute();
print_r("0"); print_r("0");
} }
else{ else{
@ -59,7 +70,9 @@
function change_theme($theme){ function change_theme($theme){
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$result = $mysqli->query("UPDATE `users` SET `theme` = '$theme' WHERE `users`.`uid` = $this->uid;"); $updateQuery = $mysqli->prepare("UPDATE `users` SET `theme` = ? WHERE `users`.`uid` = ?;");
$updateQuery->bind_param("ss", $theme, $this->uid);
$updateQuery->execute();
if($result){ if($result){
print_r("0"); print_r("0");
} }
@ -72,13 +85,17 @@
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
include $_SESSION["docroot"].'/php/hash.php'; include $_SESSION["docroot"].'/php/hash.php';
$query = "SELECT `uid` FROM `users` WHERE `username` = '$uname'"; $selectQuery = $mysqli->prepare("SELECT `uid` FROM `users` WHERE `username` = ?;");
$result = $mysqli->query($query); $selectQuery->bind_param("s", $uname);
$selectQuery->execute();
$result = $selectQuery->get_result();
if($result->num_rows==0){ if($result->num_rows==0){
$salt = create_salt(); $salt = create_salt();
$passhash = hash_password($password, $salt); $passhash = hash_password($password, $salt);
$query = "INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES ('$uname', '$passhash', '$salt', CURRENT_TIMESTAMP);"; $insertQuery = $mysqli->prepare("INSERT INTO `users` (`username`, `password`, `salt`, `last_login`) VALUES (?, ?, ?, CURRENT_TIMESTAMP);");
$result = $mysqli->query($query); $insertQuery->bind_param("sss", $uname, $passhash, $salt);
$insertQuery->execute();
$result = $insertQuery->get_result();
unset($salt); unset($salt);
unset($password); unset($password);
print_r(0); print_r(0);

View file

@ -4,7 +4,8 @@
switch ($_GET["function"]) { switch ($_GET["function"]) {
case 'new': case 'new':
$shopping->newItem($_POST["anzahl"], $_POST["einheit"], $_POST["name"]); $newID = $shopping->newItem($_POST["anzahl"], $_POST["einheit"], $_POST["name"]);
setcookie("newItem", "$newID", 0, "/", "");
header("Location: /list"); header("Location: /list");
break; break;

View file

@ -4,9 +4,10 @@ include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
include $_SESSION["docroot"].'/php/hash.php'; include $_SESSION["docroot"].'/php/hash.php';
$selectQuery = $mysqli->prepare('SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=?;');
$query = 'SELECT `uid`,`username`,`password`,`salt` FROM users WHERE `username`=\''.$_POST['user'].'\';'; $selectQuery->bind_param("s", $_POST['user']);
$result = $mysqli->query($query); $selectQuery->execute();
$result = $selectQuery->get_result();
if ($result->num_rows == 1) if ($result->num_rows == 1)
{ {
@ -27,13 +28,24 @@ if ($result->num_rows == 1)
$session_expiry = date('Y-m-d H:i:s', time()+86400); $session_expiry = date('Y-m-d H:i:s', time()+86400);
} }
$mysqli->query('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (\''.$token.'\', \''.$userdetails["uid"].'\', \''.$session_expiry.'\'); '); $insertQuery = $mysqli->prepare('INSERT INTO `sessions` (`session_id`, `user`, `expires`) VALUES (?,?,?);');
$insertQuery->bind_param("sss", $token, $userdetails["uid"], $session_expiry);
$insertQuery->execute();
} }
$mysqli->query('UPDATE `users` SET `last_login` = \''.date("Y-m-d H:i:s").'\' WHERE `uid` = \''.$userdetails["uid"].'\';'); else
$mysqli->close(); {
header("Location: ".$_POST["refurl"]); setcookie("token", "false", 0, "/", "");
exit(0); header("Location: /");
exit(1);
}
$lastLoginDate = date("Y-m-d H:i:s");
$updateQuery = $mysqli->prepare("UPDATE `users` SET `last_login` = ? WHERE `uid` = ?;");
$updateQuery->bind_param("ss", $lastLoginDate, $userdetails["uid"]);
$updateQuery->execute();
$mysqli->close();
header("Location: ".$_POST["refurl"]);
exit(0);
} }
else else
{ {
@ -41,4 +53,4 @@ else
header("Location: /"); header("Location: /");
exit(1); exit(1);
} }
?> ?>

View file

@ -3,7 +3,9 @@ session_start();
include $_SESSION["docroot"].'/config/config.php'; include $_SESSION["docroot"].'/config/config.php';
include $_SESSION["docroot"].'/php/connect.php'; include $_SESSION["docroot"].'/php/connect.php';
$mysqli->query('DELETE FROM `sessions` WHERE `session_id`=\''.$_COOKIE["token"].'\';'); $deleteQuery = $mysqli->prepare('DELETE FROM `sessions` WHERE `session_id`=?;');
$deleteQuery->bind_param("s", $_COOKIE["token"]);
$deleteQuery->execute();
unset($_SESSION); unset($_SESSION);
session_destroy(); session_destroy();

View file

@ -1,9 +1,9 @@
.toast { .toast {
right: 0; right: 0;
left: unset !important; left: unset !important;
pointer-events: none pointer-events: none;
} }
.close_toast { .list-row {
pointer-events: all; transition: .5s;
} }

7108
style/themes/cerulan.css Normal file

File diff suppressed because it is too large Load diff

6819
style/themes/cosmo.css Normal file

File diff suppressed because it is too large Load diff

View file

@ -1,4 +1,4 @@
@import url("/fonts/roboto/Roboto-Regular.ttf"); @import url("https://fonts.googleapis.com/css?family=Roboto:400,700");
:root { :root {
--blue: #2A9FD6; --blue: #2A9FD6;
--indigo: #6610f2; --indigo: #6610f2;

View file

@ -1,4 +1,4 @@
@import url("/fonts/lato/Lato-Regular.ttf"); @import url("https://fonts.googleapis.com/css?family=Lato:400,700,400italic");
:root { :root {
--blue: #2C3E50; --blue: #2C3E50;
--indigo: #6610f2; --indigo: #6610f2;

View file

@ -1,4 +1,4 @@
@import url("/fonts/newscycle/NewsCycle-Regular.ttf"); @import url("https://fonts.googleapis.com/css?family=News+Cycle:400,700");
:root { :root {
--blue: #EB6864; --blue: #EB6864;
--indigo: #6610f2; --indigo: #6610f2;

7188
style/themes/litera.css Normal file

File diff suppressed because it is too large Load diff

7190
style/themes/minty.css Normal file

File diff suppressed because it is too large Load diff

6893
style/themes/pulse.css Normal file

File diff suppressed because it is too large Load diff

View file

@ -1,4 +1,4 @@
@import url("/fonts/roboto/Roboto-Regular.ttf"); @import url("https://fonts.googleapis.com/css?family=Roboto:400,500,700");
:root { :root {
--blue: #325D88; --blue: #325D88;
--indigo: #6610f2; --indigo: #6610f2;

7270
style/themes/sketchy.css Normal file

File diff suppressed because it is too large Load diff

7334
style/themes/slate.css Normal file

File diff suppressed because it is too large Load diff

7186
style/themes/solar.css Normal file

File diff suppressed because it is too large Load diff

7164
style/themes/spacelab.css Normal file

File diff suppressed because it is too large Load diff

7182
style/themes/superhero.css Normal file

File diff suppressed because it is too large Load diff

7016
style/themes/united.css Normal file

File diff suppressed because it is too large Load diff